WO2012061516A1 - Simulacrum of physical security device and methods - Google Patents

Simulacrum of physical security device and methods

Info

Publication number
WO2012061516A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
access data
card
user
esim
Prior art date
Application number
PCT/US2011/058994
Other languages
English (en)
Inventor
Stephan V. Schell
Jerrold V. Hauck
Original Assignee
Apple Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Apple Inc.
Publication of WO2012061516A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50 Service provisioning or reconfiguring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H04W8/265 Network addressing or numbering for mobility support for initial activation of new user

Definitions

  • the present invention relates generally to the field of communications systems, and more particularly in one exemplary aspect, to wireless systems that allow user devices to authenticate to wireless networks (e.g., cellular networks, WLANs, WMANs, etc.) using access control clients.
  • Access control is required for secure communication in most prior art wireless radio communication systems.
  • one simple access control scheme might comprise: (i) verifying the identity of a communicating party, and (ii) granting a level of access commensurate with the verified identity.
  • access control is governed by an access control client, referred to as a Universal Subscriber Identity Module (USIM) executing on a physical Universal Integrated Circuit Card (UICC).
  • USIM authenticates the subscriber to the UMTS cellular network. After successful authentication, the subscriber is allowed access to the cellular network.
  • access control client refers generally to a logical entity, either embodied within hardware or software, suited for controlling access of a first device to a network.
  • access control clients include the aforementioned USIM, CDMA Subscriber Identification Modules (CSIM), IP Multimedia Services Identity Module (ISIM), Subscriber Identity Modules (SIM), Removable User Identity Modules (RUIM), etc.
  • USIM software is based on the Java Card™ programming language.
  • Java Card is a subset of the Java™ programming language that has been modified for embedded "card" type devices (such as the aforementioned UICC).
  • AKA Authentication and Key Agreement
  • the USIM must both (i) successfully answer a remote challenge to prove its identity to the network operator, and (ii) issue a challenge to verify the identity of the network.
  • USIM based access control is limited to only a single Mobile Network Operator (MNO) at a time.
  • MNO Mobile Network Operator
  • the UICC card is a physical element which is more difficult to reproduce.
  • the physical barrier to reproduction provides tangible benefits for distribution, sale, piracy, etc.
  • a would-be software pirate cannot sell multiple copies of the same SIM card.
  • "cloning" or copying a SIM card is generally illegal, the one valid physical card can be distinguished from illicit clones.
  • vendors can use typical inventory management procedures for SIM cards e.g., purchase, store, liquidate, etc.
  • a method for provisioning user access data comprises: providing apparatus comprising a computer-readable identifier; utilizing the apparatus to obtain the identifier; using the identifier to identify user access data; and providing the user access data to a user device, the access data allowing for said user device to access a service.
  • the apparatus comprises a simulacrum of an identity module of a mobile device.
  • the simulacrum comprises e.g., a subscriber identity module (SIM) for a UMTS-compliant mobile telephony device.
  • SIM subscriber identity module
  • the computer-readable identifier comprises an identifier stored in a computer readable memory of the apparatus, and the act of using the identifier comprises reading the identifier from memory using the user device.
  • the computer-readable identifier comprises a bar code disposed on an externally readable surface of the apparatus.
  • a network provisioning apparatus e.g., SIM provisioning server (SPS)
  • SPS SIM provisioning server
  • a method of operating network provisioning apparatus e.g., SIM provisioning server (SPS)
  • a user device enabled for access client e.g., eSIM
  • the device comprises a mobile smartphone having at least one wireless interface.
  • a simulacrum-based device provisioning architecture is disclosed.
  • a mobile communication system is disclosed.
  • a virtual "storefront" entity for activating and provisioning mobile devices is disclosed.
  • a mobile device an access client (e.g., electronic SIM) using a simulacrum are disclosed.
  • a computer readable apparatus In one embodiment, the apparatus comprises a storage medium having at least one computer program disposed thereon.
  • FIG. 1 illustrates an exemplary Authentication and Key Agreement (AKA) procedure using a prior art Universal Subscriber Identity Module (USIM).
  • USIM Universal Subscriber Identity Module
  • FIG. 2 is a logical flow diagram illustrating one embodiment of a method for initially providing a simulacrum of a physical security device according to the invention.
  • FIG. 3 is a logical flow diagram illustrating one embodiment of the method for using a simulacrum within a device according to the invention.
  • FIG. 4 is a logical flow diagram illustrating one embodiment of a generalized method for providing an access control client according to the invention.
  • FIG. 5 is a block diagram of an exemplary embodiment of an SIM (Subscriber Identity Module) provisioning server (SPS) apparatus according to the invention.
  • FIG. 6 is a block diagram illustrating an exemplary embodiment of a user device according to the invention.
  • a cellular network can securely deliver an electronic access client (e.g., electronic SIM or eSIM) to a cellular device, after the cellular device is deployed, by employing a physical security device.
  • a UICC can be manufactured for a particular network operator without having complete USIM data provisioned on it (e.g., as a "faux" card in the form of a UICC). Instead, the UICC is loaded with an identifier which is uniquely associated with a second set of data (e.g., activation code) that corresponds to a particular eSIM.
  • a cellular device equipped with the faux UICC card can download the second data or eSIM data from the network by providing or inputting the corresponding activation code.
  • the faux card comprises a SIM card form factor device generally of the type known in the prior art, yet which contains the foregoing activation identifier.
  • an eSIM is provisioned to and activated on the device (such as via a download to the device over the cellular or other link), thereby allowing the user to use the device.
  • This approach inter alia maintains backwards compatibility with existing physical card media schemes, and also allows for the provision of a tangible medium with the device (which may be desirable to device manufacturers and/or service providers, as well as giving the user the sense or perception of greater physical security), yet advantageously allows for remote provisioning and configuration of the eSIM at the time of activation.
  • the faux card is not a UICC or SIM card, but rather a "smart" card e.g., a polymer credit-type card with an integrated circuit, such as a passive RFID device embedded therein
  • a smart card which is not inserted into the user device, but is rather interrogated to read out the aforementioned identifier or other data which then enables activation and provisioning of the user device.
  • the faux card is simply a "dumb" card which is imprinted, bar coded, or otherwise associated with unique identification information which the user (or service center) can utilize as part of the provisioning/activation process.
  • UE user equipment
  • the USIM is a logical software entity that is stored and executed from a physical Universal Integrated Circuit Card (UICC).
  • UICC Universal Integrated Circuit Card
  • a variety of information is stored in the USIM such as subscriber information, as well as the keys and algorithms used for authentication with the network operator in order to obtain wireless network services.
  • UICCs are programmed with a USIM prior to subscriber distribution; the pre-programming or "personalization" is specific to each network operator. For example, before deployment, the USIM is associated with an International Mobile Subscriber Identity (IMSI), a unique Integrated Circuit Card Identifier (ICC-ID) and a specific authentication key (K). The network operator stores the association in a registry contained within the network's Authentication Center (AuC). After personalization, the UICC can be distributed to subscribers.
  • IMSI International Mobile Subscriber Identity
  • ICC-ID Integrated Circuit Card Identifier
  • K authentication key
  • AuC Authentication Center
  • the UE 102 acquires the International Mobile Subscriber Identifier (IMSI) from the USIM 104.
  • the UE passes it to the Serving Network (SN) 106 of the network operator or the visited core network.
  • the SN forwards the authentication request to the AuC of the Home Network (HN).
  • the HN compares the received IMSI with the AuC's registry and obtains the appropriate K.
  • the HN generates a random number (RAND) and signs it with K using an algorithm to create the expected response (XRES).
  • RAND random number
  • XRES expected response
  • the HN further generates a Cipher Key (CK) and an Integrity Key (IK) for use in cipher and integrity protection as well as an Authentication Token (AUTN) using various algorithms.
  • the HN sends an authentication vector, consisting of the RAND, XRES, CK, and AUTN to the SN.
  • the SN stores the authentication vector only for use in a one-time authentication process.
  • the SN passes the RAND and AUTN to the UE.
  • the USIM 104 verifies if the received AUTN is valid. If so, the UE uses the received RAND to compute its own response (RES) using the stored K and the same algorithm that generated the XRES. The UE passes the RES back to the SN.
  • the SN 106 compares the XRES to the received RES and if they match, the SN authorizes the UE to use the operator's wireless network services.
  • FIG. 2 one embodiment of a generalized method for initially providing a simulacrum of a physical security device is illustrated and described.
  • one or more representations of access data are generated.
  • the one or more representations of access data comprise one or more computer-readable identifiers.
  • computer-readable identifiers comprise a printable indicia such as a barcode, QR code (two-dimension barcode), scan pattern, character string, etc. suitable for printing onto a physical card media.
  • computer-readable identifiers comprise electronic indicia, such as a string of bits, bytes, or words, suitable for reading from a storage media.
  • computer-readable identifiers may comprise electronic indicia that change over time, over use, etc.
  • identifiers may include, for example a Linear Feedback Shift Register (LFSR), a state machine, a seeded mathematical transform, a digital certificate, etc.
  • LFSR Linear Feedback Shift Register
  • the computer-readable identifiers may be further scrambled, encrypted, or otherwise obfuscated, to prevent malicious or unintentional use.
  • the one or more representations of access data comprise one or more human-readable identifiers.
  • Common human-readable identifiers include e.g., text indicia, strings of characters, graphical pictures, e-mail, etc.
  • human-readable identifiers may comprise a code, and/or a graphic of the intended user's face.
  • multiple representations of access data are generated.
  • a computer-readable indicia may be coupled with a human-readable indicia to complicate replication for would-be counterfeiters.
  • Such coupling may be implicitly or explicitly related to one another.
  • a human-readable string could be scrambled into a computer-readable signature, etc.
  • would-be counterfeiters could read the human-readable string, but would not be able to reproduce the computer-readable signature.
  • a human-readable string is associated with a computer-readable signature in a trusted database, etc.
  • multiple representations of access data may be useful where a prospective customer is expected to purchase multiple access data.
  • multiple indicia may be generated for a multimode device, where each one of the indicia is useful for identifying one of the access data.
  • the indicia has not been associated with access data.
  • a serial number may be generated, without a reserved eSIM.
  • Such embodiments may be useful for "on-the-fly" eSIM provisioning, as described in greater detail hereinafter.
  • the indicia may already have been associated with access data; for example, an ICC-ID that is already allocated to a particular eSIM.
  • combinations may exist which combine fixed and run-time configurable indicia; e.g., one identifier associated with access data for home use and a second identifier which is configurable at run-time useful for roaming operation, etc.
  • the one or more representations of access data are captured to a simulacrum.
  • a representation of access data is stored on the simulacrum.
  • a representation of access data is printed or otherwise affixed to the simulacrum (e.g. label, printing, engraving, etc.).
  • multiple representations are captured on the same device.
  • a card may be printed with a human-readable string, in addition to a computer-readable barcode, internally stored identifier, etc.
  • a card media may be printed with multiple human-readable strings.
  • printed or other renderings of identifiers may be made tamper-resistant to prevent unauthorized usage.
  • a printed identifier may be obfuscated with a thin "scratch" veneer, or tamper evident seal.
  • the customer can scratch off the veneer and use the device.
  • the veneer guarantees that the identifier has (up to the point of scratching) not been tampered with.
  • the printed identifier may be sealed within packaging, etc.
  • the representations are unique when considered individually.
  • a "unique" representation refers to a non-ambiguous single data element (e.g., eSIM).
  • a faux card may be individually printed with multiple unique representations, each representation uniquely identifying one access data.
  • a faux card may be individually printed with one or more computer-readable identifiers, and one or more human-readable identifiers, the combination of which uniquely identify an access data.
  • a faux card may have a computer-readable ICC-ID, and multiple human-readable carrier options (e.g., AT&T™, Verizon™, Sprint™, etc.).
  • by associating the computer-readable ICC-ID with a selected human-readable carrier option, one access data is uniquely described, etc., even though the individual identifiers themselves are ambiguous.
  • the representation of access data requires reserving an access data. For example, assigning an identifier (e.g., an ICC-ID, etc.) can reserve eSIM data; the identifier and eSIM data are linked within the network registry. Thereafter, the identifier will refer to the reserved eSIM data.
  • the representation of access data does not require reservation. For example, a faux card may be assigned an eSIM on an as-needed basis. Postponing assignation of access data to an identifier may be particularly useful where not all elements necessary to assign access data are known. For instance, prior art USIMs locked the subscriber to a particular carrier, etc.
  • Postponement enables a subscriber to customize their eSIM (e.g., select a network carrier or carriers, etc.). Postponement is described in greater detail in U.S. Patent Publication Number 2009/0181662 filed on January 13, 2009, and entitled "POSTPONED CARRIER CONFIGURATION", previously incorporated by reference in its entirety. As described therein, postponement refers in one embodiment to enabling differentiation of mobile devices for a particular telecommunications carrier at the activation stage (rather than during manufacture, etc.).
  • the one or more representations of access data can be stored or catalogued on a network registry (step 206).
  • the one or more representations are catalogued on a network registry enabling inventory management of the simulacra. For example, a "lot" of faux cards can be manufactured, with corresponding barcodes or other identifiers.
  • Various portions of the catalogued barcodes/identifiers can be provided to respective ones of multiple eSIM vendors. Portioning of eSIMs is desirable for efficiency (e.g., eSIMs are generated on an as-needed basis), and multi-sourcing (e.g., multiple eSIM vendors can be interchangeably used, to prevent monopolistic practices, etc.).
  • Cataloging of representations and their corresponding simulacra may also be used for detecting and preventing fraudulent, malicious, and/or surreptitious use. As previously discussed, cross-verification of the various identifiers may help identify fraudulent or compromised simulacrum.
  • one or more computer-readable indicia may be coupled with one or more human-readable indicia to complicate replication for would-be counterfeiters. Missing, different, corrupted, or additional indices indicate abnormal operation, and can flag fraudulent behavior.
  • cataloging of representations to access data may be used to allow authorized retrieval of the access data if the simulacrum itself is lost. For example, if a faux card associated with an eSIM is destroyed or lost, the owner of the card can request the generation of a new card, based on the information stored within the network repository.
  • the replacement card may not be identical in all aspects, such as aspects other than those noticed by the user. For example, differences in access data elements such as state, computer-readable identifiers, etc. do not affect the user, and may be changed to ensure security. However, user-specific access data may be gleaned from the registry contents, and then automatically configured for the replacement card.
  • FIG. 3 one embodiment of a generalized method for using a simulacrum within a device is illustrated.
  • a target device reads one or more representations of access data from a simulacrum.
  • the simulacrum is a physical card form factor which is inserted within the device.
  • a faux card having the form factor of a comparable UICC is inserted within an appropriately enabled mobile device.
  • the device may optionally employ card insertion detection to determine the presence of the faux card.
  • the faux card uses a pull-up or pull-down resistor between two voltage rails (e.g., power and ground), the change in voltage indicative of card insertion.
  • the faux card detects card presence based on mechanical insertion e.g., depressing a switch, blocking a light beam, breaking an electrical connection, etc.
  • insertion of the card connects two otherwise disconnected leads. Yet other methods for card detection will be recognized by those of ordinary skill given the present disclosure.
  • the simulacrum is scanned or read by the device.
  • scanning comprises scanning a barcode (e.g., via a camera, or other optical capture apparatus). It is noted that the scanning apparatus may be indigenous to the device itself (e.g., a smartphone camera), or may be external to the device (e.g., a third-party or external device, which is in communication with the target device, as discussed below).
  • scanning comprises reading an electrical circuit, such as a memory, state machine, shift register, etc.
  • scanning comprises a radio frequency scan, such as via RFID, short range wireless protocols such as NFC (ISO 14443), etc.
  • the simulacrum is entered by human interface.
  • the simulacrum is added to the device by the user via a graphical user interface or other type of input device.
  • a subscriber may read the actual simulacrum, providing the appropriate representation to the device.
  • a subscriber enters the identifier on their personal computer.
  • the personal computer provides the identifier to the device, over a docking link.
  • a customer service representative may read a card within a card reader; thereafter, the card reader provides the appropriate identifier to the device via wireline or wireless interface.
  • the device may further verify the validity of the read or captured information.
  • the read information may include self-evident fraud detection, such as cross-referencing identifiers, digital encrypted signatures, digital watermarking or other steganographic techniques, cryptographic (e.g., one-way) hashes, checksums, etc.
  • Invalid information may either overtly or discreetly flag an error, abort operation, or disable the device.
  • the device requests the access data. If the access data is resident to the device, then in one embodiment the device uses the resident copy.
  • the device checks the read representation among its internal records to determine if the associated access data is already stored internally. In one variant, the device will only request access data if it does not already have associated access data. For example, the device may have previously downloaded access data, the card insertion being used merely to enable the use of the access data. In other variants, the device may request access data corresponding to the representation anew, to ensure that access data remains "fresh". In yet other variants, the device may request user intervention to determine appropriate action.
  • the request for access data can also be initiated manually by the user of the wireless device. For example, in embodiments where multiple access data is possible (e.g., a user has a choice over one or more eSIMs, etc.), the user selects one access data (or a set of complementary eSIM for multiple users). Thereafter, the device requests access data for the selected one(s). In another such example, where access data has not yet been assigned to the simulacrum (e.g., where access data assignment has been postponed), a user interface may enable a user to complete information necessary for generating the access data. Such information may comprise for example accounting information, selection of a carrier, personal identifying information, etc.
  • the request for access data corresponding to the one or more read/captured representations is initiated automatically by the device.
  • the device may automatically request the access data.
  • a device may preferentially select one of the representations based on e.g., business concern, user preference, device type, etc. For example, a device with multiple options may select the option most economical for the user. In yet other implementations, a device with multiple options may select the option most likely to enable application burden (e.g., the most advanced available network, etc.)
  • a simulacrum can in fact represent multiple different profiles, thus enabling different profiles for different devices (possibly of different capabilities) without requiring the user to know the difference, or manage different cards, etc.
  • a UE determines that no eSIM data has been downloaded for an inserted faux UICC card.
  • the UE automatically requests and initiates the download of eSIM data.
  • the UE Graphical User Interface asks the user to input information such as: an activation code associated with the inserted card, account information, desired service plan, etc.
  • the UE sends the input information to request access data information.
  • the delivery mode is a wireless network (e.g., cellular, WLAN, PAN, or WMAN).
  • wireless technologies include without limitation Global System for Mobile Communication (GSM), Interim Standard 95 (IS-95), Interim Standard 2000 (IS-2000), 3GPP/3GPP2, Universal Mobile Telecommunication System (UMTS), Long Term Evolution (LTE), Long Term Evolution Advanced (LTE-A), Worldwide Interoperability for Microwave Access (WiMAX), Wireless Local Area Network (WLAN), Bluetooth, etc.
  • GSM Global System for Mobile Communication
  • IS-95 Interim Standard 95
  • IS-2000 Interim Standard 2000
  • UMTS Universal Mobile Telecommunication System
  • LTE Long Term Evolution
  • LTE-A Long Term Evolution Advanced
  • WiMAX Worldwide Interoperability for Microwave Access
  • WLAN Wireless Local Area Network
  • access data can be delivered to a cellular device over a wireless network via a local carrier update portal.
  • a local carrier update portal See, e.g., the exemplary secure transfer scheme as described in co-owned U.S. Provisional Patent Application Serial No. 61/407,866 filed on October 28, 2010 and entitled "METHODS AND APPARATUS FOR STORAGE AND EXECUTION OF ACCESS CONTROL CLIENTS", previously incorporated herein.
  • secure sessions can be established between the mobile device and the local carrier update portal, enabling secure transmission of access data.
  • Artisans of ordinary skill will appreciate that the foregoing scheme is merely illustrative; substitution with other analogous schemes can readily be made given the contents of the present disclosure.
  • the wireless device is hard-coded with a cryptographic public/private key pair (e.g., Rivest, Shamir and Adleman (RSA) algorithm) that is stored in a physically protected secure element of the software entity e.g., the eUICC.
  • RSA Rivest, Shamir and Adleman
  • the authenticity of the eUICC and the secrecy of the private key is further attested to by a trusted entity that has issued an "endorsement" certificate for the eUICC key pair.
  • a trusted entity may be e.g., the device manufacturer, a network operator, etc.
  • a public/private key pair includes a secret private key, and a published public key. A message encrypted with the public key can only be decrypted using the proper private key.
  • Public/private key schemes are considered "asymmetric", as the key used to encrypt and decrypt are different, and thus the encrypter and decrypter do not share the same key.
  • symmetric key schemes utilize the same key (or trivially transformed keys) for both encryption and decryption.
  • the Rivest, Shamir and Adleman (RSA) algorithm is one type of public/private key pair cryptography that is commonly used within the related arts, but it will be recognized that the present invention is in no way limited to the RSA algorithm or in fact asymmetric techniques.
  • the device key pairs are asymmetric, the public keys can be distributed without compromising the integrity of the private keys. Accordingly, the device key and certificate can be used to protect and verify the communication between previously unknown parties (e.g., the mobile device, and the local carrier update portal).
  • the mobile device provides its public key and an endorsement certificate to the local carrier update portal.
  • the local carrier update portal verifies the endorsement certificate (e.g., verification with the trusted entity that issued the certificate, etc.). If the endorsement certificate is valid, the local carrier update portal transmits a vendor certificate, and a session key to the mobile device, where the session key is further encrypted by the wireless device's public key.
  • the wireless device verifies the vendor certificate and decrypts the session key with its private key. If the vendor certificate is valid, then the wireless device accepts the session key.
  • the wireless device may transmit the request to retrieve the stored user access data by transmitting data packages containing the first and second representations of user access data.
  • the delivery is conducted over a wireline network.
  • the wireline network comprises an internet (e.g., broadband DOCSIS, DSL, T1, ISDN, etc.) connection.
  • one mode of delivery may utilize online stores (such as the iTunes™ developed and operated by the Assignee hereof or comparable).
  • Access data can be delivered to an online store application executing on a subscriber's personal computer; the access data is then transferred to the device during standard docking procedures. Alternately, the access data can be pushed to the device via a local area network operated or otherwise serving the personal computer.
  • the access data is received at the target device and stored thereon (or on a designated associated storage device).
  • FIG. 4 illustrates one embodiment of a generalized method for providing an access control client.
  • a request is received for one or more access control clients.
  • the request is verified and/or authorized.
  • the entity verifies that the request is a legitimate request. For example, verification of the received request may help identify fraudulent or compromised simulacrum.
  • if the request does not match the network registry (e.g., a set of identifiers is missing one or more identifiers, has different identifiers, has one or more corrupted identifiers, or includes additional identifiers), then the request is flagged as an abnormal or mis-formed request, and can be used to detect fraudulent behavior.
  • the request includes one or more signatures or certificates which can be independently verified to identify malicious behavior.
  • the request is authorized before being fulfilled. For example, where the billing information is incorrect, incomplete, or rejected, the request may be denied. In another example, where the request is for a service which is not offered, not available, etc., the request may be denied. Still other considerations may be current network load, legal requirements, etc.
  • the entity either provides the existing access data associated with the request, or generates access data to fulfill the request (step 406).
  • the entity provides the access control client associated with the request to the device.
  • the entity retrieves the access control client from the network registry, updates the corresponding status changes, and provides the access control client to the device.
  • the entity generates the access control client according to the request.
  • the entity updates the network registry, and provides the access control client to the device.
  • delivery can be conducted over a wireless network, or alternately a wireline network.
  • the update is performed over a secure session established between the device and the entity.
  • a stand-alone SPS may be managed by a service intermediary; this service intermediary may comprise a device manufacturer partnered to one or more MNOs, yet commanding a premium for access to the eSIM distributed from the SPS.
  • Pricing structures may be derived on e.g., a per eSIM basis, such as where each subscriber must pay a premium for each eSIM it is given access to.
  • wallet UE feature may be structured to require advanced or upgraded subscriptions.
  • the client server may be managed by the aforementioned service intermediary (such as a device manufacturer) and provides mechanisms and business rules for eSIM access.
  • a user may purchase a "faux UICC card" to request post- or pre-paid access to a network, then via the Internet or other communication network, may download the corresponding eSIM to their device.
  • the service intermediary performs many of the functions of an MNO (such as by managing billing, etc.) according to this embodiment.
  • rules may be implemented to allow for updating eSIM data associated with a particular "faux UICC card".
  • the SPS can be updated with new eSIM data for the user to download while deactivating the compromised eSIM. This would allow a user to receive a new eSIM without having to replace the physical UICC card. It is appreciated that not requiring a new physical card increases convenience to a user needing new eSIM data while reducing operating costs by negating the need to manufacture and provide a new UICC.
  • SPS SIM Provisioning Server
  • FIG. 5 illustrates one exemplary embodiment of an SPS 500 useful with the present invention.
  • the SPS may comprise a stand-alone entity or may be disposed within a trusted network entity, or assume yet other configurations.
  • the SPS generally includes a network interface 502 for interfacing with the communications network, a processor 504, a storage apparatus 506, and various back end interfaces 508.
  • Other interfaces may also be utilized, the foregoing being merely illustrative.
  • the back end interface 508 enables the SPS to communicate with one or more MNO or trusted network entities.
  • the SPS 500 includes at least a SIM provisioning application 510 running on the processor 504 thereof.
  • SIM provisioning functionality may comprise a distributed application running on a plurality of entities in data communication with one another.
  • the SIM provisioning application 510 receives communications from a target device such as (i) a communication requesting that a particular eSIM be allocated to the target device, (ii) a communication requesting access to one or more eSIM stored thereon.
  • the SIM provisioning application 510 is also responsible for verifying the above requests to ensure these are received from authorized entities and there are no security concerns.
  • the SIM provisioning application 510 is responsible for determining the current status of the requested eSIM as well as whether the requested eSIM may be provided.
  • the determination of whether an eSIM is available and may be provided may be specific to the requesting subscriber or device, and/or to the requested eSIM.
  • the SIM provisioning application may be configured to query network entities (such as billing entities, etc) to determine a service level or tier for a requesting user or device. This information may then be utilized to determine whether the requesting user or device may access the requested eSIM.
  • the SIM provisioning application may simply receive rules for each eSIM from a separate entity (such as the entity which generates the eSIM, or another network entity charged with making the aforementioned determinations), either in response to a query or automatically.
  • the SIM provisioning application 510 may optionally generate notifications to a system administrator in the instance that it is believed that an illegal or unauthorized copy of an eSIM has been created and/or distributed.
  • FIG. 6 illustrates one exemplary embodiment of apparatus useful for implementing the methods of the present invention.
  • the exemplary user device 600 of FIG. 6 is a wireless device with a processor subsystem 602 such as a digital signal processor, microprocessor, field-programmable gate array, or plurality of processing components mounted on one or more substrates 604.
  • the processing subsystem may also comprise an internal cache memory.
  • the processing subsystem is connected to a memory subsystem 606 comprising memory which may for example, comprise SRAM, flash and SDRAM components.
  • the memory subsystem may implement one or more of DMA-type hardware, so as to facilitate data accesses as is well known in the art.
  • the memory subsystem contains computer-executable instructions which are executable by the processor subsystem.
  • the device can comprise one or more wireless interfaces 608 adapted to connect to one or more wireless networks.
  • the multiple wireless interfaces may support different radio technologies such as GSM, CDMA, UMTS, LTE/LTE-A, WiMAX, WLAN, Bluetooth, etc. by implementing the appropriate antenna and modem subsystems.
  • the user interface subsystem 610 includes any number of well-known I/O including, without limitation: a keypad, touch screen (e.g., multi-touch interface), LCD display, backlight, speaker, and/or microphone. However, it is recognized that in certain applications, one or more of these components may be obviated.
  • PCMCIA card-type client embodiments may lack a user interface (as they could piggyback onto the user interface of the host device to which they are physically and/or electrically coupled).
  • the exemplary device also includes I/O necessary to scan, read, or otherwise determine an identifier.
  • the I/O comprises a digital camera and associated software, suitable for reading a printed indicia.
  • the I/O comprises a digital scanner comprising a light (e.g., laser), and light sensor, adapted to read a barcode or other form of computer-readable indicia. Yet other variations are readily appreciated by an artisan having ordinary skill when provided the present disclosure.
  • the device includes a secure element 612 which contains and operates the eUICC application 614.
  • the eUICC is capable of storing and accessing a plurality of access control clients, where the access control clients are configured to authenticate the user to a respective network.
  • the secure element is accessible by the memory subsystem 606 at the request of the processor subsystem 602.
  • the secure element may also comprise a so-called "secure microprocessor" or SM of the type well known in the security arts.
  • the UICC is emulated as a virtual or electronic entity such as e.g., a software application, hereafter referred to as an Electronic Universal Integrated Circuit Card (eUICC), that is contained within a secure element (e.g., secure microprocessor or storage device) in the UE.
  • the eUICC is capable of storing and managing multiple SIM elements, referred to hereafter as Electronic Subscriber Identity Modules (eSIM). Each eSIM contains the same data as a typical SIM.
  • the eUICC selects an eSIM based upon the eSIM's ICC-ID.
  • the SIM application generally encompasses access control clients such as the aforementioned USIM, CSIM, ISIM, SIM, RUIM, etc. It is further understood that each eSIM is associated with a user account, thus an "eSIM" may broadly encompass multiple access control clients (e.g., a user may have a USIM, and a SIM associated with the same eSIM account).
  • the simulacrum in the present context comprises a physical representation of the SIM card media, but does not contain the actual eSIM logical entity. Instead, the simulacrum is marked with an indication as to the logical eSIM entity associated therewith.
  • the simulacrum is a SIM card form factor having electrical contacts, a polymer outer case or body, and a PROM or other such storage device within and in electrical communication with the contacts.
  • the user device e.g., smartphone
  • logic within the user device interrogates or reads the faux SIM card (much as a conventional card) via the terminals so as to extract the identification or access data present in the storage device.
  • the user device then establishes contact with an eSIM provisioning entity (e.g., over one of the indigenous radio or wireline interfaces of the user device), the latter which is provided with the read identification/access data via the interface.
  • the entity which may be e.g., a remote server or the like
  • the eSIM is generated and provisioned for the requesting user device, and ultimately an account set up with a designated service provider.
  • the simulacrum is a small plastic or cardboard "card", having a label or other machine- or human-cognizable rendering affixed thereto or imprinted thereon.
  • the rendering when scanned or otherwise read, identifies a corresponding eSIM (e.g., stored within a SIM Provisioning Server (SPS), etc.).
  • the scanning may trigger the generation of a corresponding eSIM.
  • the identified (or generated) eSIM is programmed into the eUICC.
  • the simulacrum of the present invention helps ensure that distribution of eSIMs is limited to entities in possession of the physical card. Moreover, as described supra, use of the simulacrum enables legacy inventory management, and/or subscriber interface. However, in addition to the benefits offered by the "physicality" of the simulacrum, the simulacrum does not detract from the benefits associated with a virtualized eSIM. For example, the eSIM identified by the simulacrum is not hard-coded, and thus the eSIM can be updated or dynamically changed without requiring a replacement physical card.
  • the simulacrum when the simulacrum is moved to a new device, the new device downloads the eSIM associated with the simulacrum (including optionally its most recent updates).
  • the simulacrum can be associated with more than one eSIM.
  • a vendor may consolidate multiple eSIMs (either as a preset bundle, or according to customer requirements) under a single simulacrum. Thereafter, the simulacrum references multiple eSIMs.
  • the electronic identification information may be a physical disposable card (e.g., a gift card, or other token, etc.).
  • observance or maintenance of legal requirements associated with obtaining user access data is provided.
  • a user access data e.g. SIM card, UICC card.
  • eSIM data e.g. SIM card, UICC card.
  • legal compliance is maintained, because user identification may still be verified upon purchasing the "faux UICC card".
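
The FIG. 4 bullets above describe verifying a request against the network registry (missing, different, corrupted, or additional identifiers), authorizing it, and then providing or generating the access data. The following Python is an added example, not code from the patent; the field names `card_id` and `iccid`, the 12-character card code, and the use of the ICC-ID Luhn check digit to detect corruption are assumptions of this example.

```python
from dataclasses import dataclass, field

# Constructed sample values (not from the patent). The field names card_id and
# iccid, and the 12-character card code format, are assumptions of this example.
GOOD_ICCID = "8901" + "0" * 13 + "19"    # passes the Luhn check
OTHER_ICCID = "8901" + "0" * 13 + "27"   # well formed, but not this card's
BAD_ICCID = "8901" + "0" * 13 + "18"     # one digit altered
CARD = "FAUXCARD0001"                    # code printed on the simulacrum


def luhn_ok(number: str) -> bool:
    """True if a digit string carries a valid Luhn check digit."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# Per-identifier format checks; a value that fails its check counts as corrupted.
VALIDATORS = {
    "card_id": lambda v: len(v) == 12 and v.isalnum(),
    "iccid": luhn_ok,
}


@dataclass
class Verdict:
    missing: list = field(default_factory=list)
    additional: list = field(default_factory=list)
    corrupted: list = field(default_factory=list)
    different: list = field(default_factory=list)

    @property
    def abnormal(self) -> bool:
        return bool(self.missing or self.additional
                    or self.corrupted or self.different)


def verify_request(request: dict, registry: dict) -> Verdict:
    """Compare the identifier set in a request with the registry record."""
    expected = set(VALIDATORS)
    present = set(request)
    v = Verdict(missing=sorted(expected - present),
                additional=sorted(present - expected))
    for name in sorted(expected & present):
        value = request[name]
        if not isinstance(value, str) or not VALIDATORS[name](value):
            v.corrupted.append(name)
    # Only compare against the registry when the whole set is well formed.
    if not v.missing and not v.corrupted:
        record = registry.get(request["card_id"])
        if record is None:
            v.different.append("card_id")
        elif record["iccid"] != request["iccid"]:
            v.different.append("iccid")
    return v


def handle_request(request: dict, registry: dict, billing_ok: bool, audit_log: list):
    """Verify, authorize, then provide existing or generated access data."""
    verdict = verify_request(request, registry)
    if verdict.abnormal:                 # verification failed: keep for fraud review
        audit_log.append((request.get("card_id"), verdict))
        return ("flagged", None)
    if not billing_ok:                   # authorization failed: deny without flagging
        return ("denied", None)
    record = registry[request["card_id"]]
    if record["esim"] is None:           # nothing stored yet: generate (step 406)
        # Stand-in string for real access data, which this example does not model.
        record["esim"] = "esim-profile-for-" + record["iccid"]
    record["status"] = "issued"          # registry status update before delivery
    return ("provided", record["esim"])


def new_registry() -> dict:
    """Constructed one-entry registry keyed by the simulacrum's code."""
    return {CARD: {"iccid": GOOD_ICCID, "status": "available", "esim": None}}
```

Keeping the verification outcome ("flagged") separate from the authorization outcome ("denied") means only mis-formed or mismatched requests reach the fraud log, while ordinary billing failures do not.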

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a simulacrum of a physical security device and methods. According to one embodiment, a simulacrum of a physical security device, or dummy device, is provided for use in conjunction with software emulation of the security device. According to one implementation, a "faux SIM card" is provided which does not itself contain Subscriber Identity Module (SIM) information, but which instead enables a user to download electronic SIM (eSIM) information (e.g., from a network or eSIM server) that is loaded into a software emulation of a Universal Integrated Circuit Card (UICC) device. An activation code, scan pattern, or other activation or access information is printed on the faux card. The subscriber purchases the faux card and enters the activation code into the device; the entered activation code enables the device to log onto a network and download the appropriate eSIM data. Delivery of the eSIM information as authorized by the faux card addresses deficiencies in existing SIM distribution schemes, provides users with an enhanced perception of security, and further addresses various legal requirements.
PCT/US2011/058994 2010-11-04 2011-11-02 Simulacrum of physical security device and methods WO2012061516A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US41029810P 2010-11-04 2010-11-04
US61/410,298 2010-11-04
US13/080,533 2011-04-05
US13/080,533 US9100393B2 (en) 2010-11-04 2011-04-05 Simulacrum of physical security device and methods

Publications (1)

Publication Number Publication Date
WO2012061516A1 true WO2012061516A1 (fr) 2012-05-10

Family

ID=46020914

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/058994 WO2012061516A1 (fr) 2010-11-04 2011-11-02 Simulacrum of physical security device and methods

Country Status (3)

Country Link
US (2) US9100393B2 (fr)
TW (1) TWI469612B (fr)
WO (1) WO2012061516A1 (fr)

Also Published As

Publication number Publication date
US20120117635A1 (en) 2012-05-10
US20160044493A1 (en) 2016-02-11
US9100393B2 (en) 2015-08-04
TWI469612B (zh) 2015-01-11
TW201234827A (en) 2012-08-16
US10149144B2 (en) 2018-12-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11811590

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11811590

Country of ref document: EP

Kind code of ref document: A1